Am 10.05.18 um 04:04 schrieb Al Varnell:
How about this section:
Performing additional rootkit checks
Checking for possible rootkit files and directories [None found]
Checking for possible rootkit strings [None found]
Sorry to BUMP this older thread but I have a similar issue with rkhunter 1.4.6,
just upgraded to 1.4.6.2 on Ubuntu 18.04 .
rootkit checks and additional checks are green.
There are only 2 messages about "The following suspicious (large) shared memory
segments have been found:"
for /usr/bin/xfdesktop ... Size: 64MB (configured size allowed: 1,0MB)
and /usr/bin/lxterminal ... Size: 1,0MB (configured size allowed: 1,0MB)
PID and user are correct.
I am running XFCE so I wonder if rkhunter does not know about XFCE processes or
if these are really rootkits.
Thx in advance.
-Al-
On Wed, May 09, 2018 at 07:02 PM, Mark Misulich wrote:
Nope, nothing in the list of rootkits you referenced is written in red. They
are all tagged "not found" in green. Every rootkit check listed in the
/var/log/rkhunter.log is listed as not found.
On Wed, 2018-05-09 at 15:13 -0700, Al Varnell wrote:
Didn't you get a section above the summary that looks something like this:
Checking for rootkits...
Performing check of known rootkit files and directories
55808 Trojan - Variant A [Not found]
ADM Worm [Not found]
AjaKit Rootkit [Not found]
Adore Rootkit [Not found]
There would be an entry inRedindicating what Rootkit was found, then go to
that entry in the log to see what indicated having located that specific
rootkit and research that to see what needs to be done, if anything.
-Al-
macOS User
On Wed, May 09, 2018 at 07:21 AM, Mark Misulich wrote:
Hi,
when I run rkhunter on my opensuse 42.3 linux Operating System, I get
this result telling me that I have a possible rootkit.
Rootkit checks...
Rootkits checked : 500
Possible rootkits: 1
I have looked through the var/log/rkhunter.log and don't find anything
that stands out to me as what this might be. Also, I don't know what to
do to deal with this if there actually is a rootkit that rkhunter
detects. Could someone on the list advise me how to proceed to deal
with this?
Thanks,
Mark
-Al-
--
Al Varnell
Mountain View, CA
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
